On Mon, Aug 12, 2019 at 11:43 PM Sebastian Laskawiec <slaskawi(a)redhat.com>
wrote:
Writing anything by a running Pod is very tricky. In theory you could use a
Persistent Volume but this doesn't work with Secrets very well. So at least
in a Kubernetes/OpenShift scenario, having a read-only vault and delegating
manipulating the vault's secrets to the environment is the most natural way to
tackle this.
It seems that a lot of people are using Vault by HashiCorp to manage
k8s/app sensitive data such as credentials. How useful would a file-based vault
be if you are already using HashiCorp?
I think there is ongoing work in Quarkus to support HashiCorp's Vault.
Maybe it is worth considering it, or maybe wait for KC.Next :)